Cybersecurity Jobs List logo

Cybersecurity Jobs List

  1. Home
  2. Jobs
  3. United Arab Emirates
  4. Abu Dhabi
  5. GRC
  6. Principal Analyst, Governance , Risk & Compliance Tech
First Abu Dhabi Bank logoFA
First Abu Dhabi Bankbankfab.com

Principal Analyst, Governance , Risk & Compliance Tech

Abu Dhabi, United Arab EmiratesFull-time17h ago

KEY ACCOUNTABILITIES: 

GRC Operations
•    Maintain visibility of the GRC activities across the unit and ensure implementation of proper tracking & reporting mechanisms. 
•    Ensure tracking and completion of GT BIA/BCP related requirements as per the GBCM timelines.
•    Ensure tracking, monitoring, and reporting of the GT related periodic UAE regulatory requests & reporting.
•    Oversee GT Risk Remediation program and ensure implementation of proper governance mechanisms.
•    Ensure timely completion of IT Risk Operations activities. 
•    Oversee management of Data Leakage Prevention (DLP) notifications and improvement initiatives to optimize monitoring policies. 
•    Act as a point of contact for GIA for Tech GRC audit activities. 
•    Act as a point of contact for internal/external auditors and regulators for all IT Governance and Risk related items
•    Ensure implementation of proper tracking mechanism for Operational Risk Incidents to ensure compliance with GORM policies. 
•    Ensure all the GRC systems used by 3 lines of defense are in sync and oversee periodic reconciliation activities.
•    Ensure proper governance of GIA issues and other key risk items to ensure timely remediation.
•    Ensure identification and implementation of automation initiatives to improve overall GRC operations.
•    Support & contribute to implement initiatives to improve ways of working with 2nd line & 3rd line functions.
•    Ensure timely and accurate MIS is available for GRC related activities.

. Technology Risk Management Framework:
•    Establish IT risk management framework to identify, analyse, mitigate, manage, monitor, and communicate IT risks.
•    Ensure adherence to Group Security policies and standards for effective implementation of security controls within GIT.
•    Contribute towards maintenance of standard technology risk and control library.
•    Implement the cyber risk assessment model and analysis approaches.
•    Understand how cyber risk fits into overall Technology Risk Management and ensure integration.
•    Identify, agree and manage various assurance initiatives and internal reviews across GIT

Technology Risk Identification & Assessments:
•    Ensure timely identification and assessment of IT risks throughout software development / acquisition lifecycle.
•    Ensure IT risks are managed as per the agreed IT risk appetite, tolerance levels and in accordance with remediation plans and target dates defined in alignment with Group Policies.
•    Support and help technology teams on various risk and control assessments activities.
•    Participate in Project & Change reviews to ensure appropriate treatment of technology risks.
•    Work with technology teams to ensure implementation of comprehensive solutions to protect organization information assets.
•    Manage periodic risk assessment activities to identify vulnerabilities, threats and control effectiveness. 
•    Periodically identify the risks that might compromise cyber security.
•    Analyse the severity of each risk by assessing likelihood and impact. Agree with stakeholders on the residual risk ratings and potential risk exposure.
•    Qualify/quantify exposures and vulnerabilities on a big-picture scale to create a thorough understanding of the risk environment.

Technology Risk Treatment & Review:
•    Oversee development of risk treatment strategies to maintain the bank’s risk posture at the desired level.
•    Engage with various IT teams to review risk profile, risk treatment strategies and action plans.
•    Ensure proper implementation of risk treatment options such as mitigation, transfer, acceptance etc. and help IT teams in closure of risks/issues.
•    Regularly review current risk measures and ensure implementation of adaptive approach to manage evolving cyber risks.

Technology Risk Monitoring & Reporting:
•    Identify and define Key Risk Indicators (KRI) to monitor high risk areas.
•    Deliver periodic risk profile reports and KRI reports to senior management.
•    Review Major incident Reports and ensure proper risk/control measures are identified to prevent incident reoccurrence.
•    Manage Technology risk committee meetings and ensure closure of action items.

Cloud Management
•    Ensure due diligence of cloud service providers and oversee ongoing cloud service providers security assessments.
•    Evaluate cloud solutions and determine risk of technology architecture, implementation, and suitability for the organization.
•    Ensure cloud service providers contracts are compliant to Group policies/processes and relevant controls are considered in the contract with cloud service providers.
•    Assess the risk implications of digital innovation and its impact on technology risk profile of the bank. Provide recommendations to optimize the risks and ensure technology policy and process alignment. 
•    Support and maintain risk assessment capabilities to review and assess digital business models end to end.
•    Work with business and technology teams to better understand digital business risk and facilitate a balance between the need to protect the organization and the need to optimize customer experience. 
•    Conduct in-depth technical security reviews, risk assessments, and architecture reviews for Cloud based technologies and solutions to ensure alignment with information security policies and technology guidelines.
•    Provide risk management guidance and advice to technology teams on cloud technologies and digital solutions.

DevOps/DevSecOps/Agile Practices
•    Provide inputs to development and maintenance of policies, frameworks, methods and standards for the DevOps and agile practices.
•    Work with technology teams to embed automated controls across delivery pipeline. Collaborate with service teams to ensure CI/CD pipeline delivers faster time-to-market for the product and positive customer experience.
•    Monitor and support integration and standardization of related development methodologies across Technology service lines.
•    Facilitate the “shift to the left” approach of moving a task to an earlier stage in the development cycle to ensure the risk and security standards are met from the beginning
•    Advocate adaptation of continuous feedback loop mechanisms and ensure team members are regularly prompted to improve the development and maintenance of the solutions.
•    Coach agile teams in the methodology and ensure training is provided to employees on the agile practices.
•    Evaluate possible bottlenecks of running the application in production and suggest service improvement plans.
•    Ensure compliance and security best practices are incorporated throughout the development process.

QUALIFICATIONS & EXPERIENCE: 
Knowledge & Experience: 
•    10 or more years of working experience in IT Security, Risk and Governance practices.
•    3+ years of experience working in leadership role IT Security, Risk and Governance.
•    Knowledge and expertise in virtualization and cloud computing environments (different cloud models and types).
•    Hands on experience in using various Cloud Security best practices such as Cloud Security Alliance (CSA) guidelines and National Institute of Standards and Technology (NIST) guidelines.
•    Demonstrated experience in conducting technical risk assessments for various Cloud platforms.
•    Good understanding of process models and industry standards relating to IT Security, Risk and Governance. 
•    Good understanding of security and risk management in financial institutions.
•    Excellent knowledge of all aspects of technology: infrastructure; operations, security, development, change/transformation, support, innovation, vendor management etc., and banking related processes especially risk management. Should have demonstrable experience of working in many of these domains.
•    Strong analytical capabilities and knowledge of related tools and processes.  Proven ability to handle volume detail and summarize effectively.
•    Good understanding of banking related environments – especially around high availability, data confidentiality, security etc.
•    Evidence of influencing senior stakeholders and dealing with external auditors and regulators.
•    Excellent interpersonal skills and good oral and written communication skills.
•    Achievement of industry recognized certifications such as CISSP, CRISC, CCSP, CCSK, CISA etc.
•    Achievement of AWS and Azure cloud certifications is preferable.

Skills:
•    Relationship management 
•    Influencing skills
•    Big picture thinker with attention to details
•    Strong change and communication skills
•    Strong analysis skills
•    Strong interpersonal skills
•    Resource (time and people) management skills

 

Categories

GRC
IT Risk Management
Cyber Risk
Cloud Security
Technology Risk

Skills

GRC
IT Risk Management
Cloud Security
Data Leakage Prevention
Business Impact Analysis
Business Continuity Planning
Cyber Risk Assessment
DevSecOps
CI/CD Pipeline
Cloud Computing
NIST Guidelines
Cloud Security Alliance
Agile Practices
Risk Assessment
Security Controls